Hi! > If attacker can inject code at the beginning or make valid syntax > at the beginning, they can succeed injection. This is true not > only for PHP, but also Ruby/Perl/Python.
This is exactly my point. Since it does not solve the problem that you are presenting (I am still not convinced it's our problem, but for the same of discussion let's assume for now it is so) - why exactly would we want to do it? I'm afraid we'd have another safe_mode scenario on our hands here, where we lure users into complacency with false sense of security, while not actually providing it. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
